Mark Nunnikhoven

Vice President, Cloud Research

Mark Nunnikhoven helps organizations build securely in the cloud.
Opinionated, passionate, driven, Mark is more than a cliched byline. In his 20+ years tackling development and operational challenges around the world, Mark has seen all manner of "interesting" solutions.
An engaging public speaker, an O'Reilly video author, Mark is an accomplished computer scientist and security executive.
Mark is available online at http://markn.ca and @marknca.

I recently hosted a webinar on optimizing security for AWS. The goal of the webinar was to help raise awareness of how security changes as you move to the AWS Cloud. I strongly believe that if you’re aware of the changes, you can actually build a stronger security posture for your deployments. The webinar runs…

Heartbleed just got real. The bug has been dominating headlines for the past week – and rightfully so. The scale of the impact of this issue is major. OpenSSL has been integrated into a significant number of development projects. It’s probably the most commonly used security library out there. Late Friday night (the 11th of…

In San Francisco last week, AWS opened their summit series for 2014. 5000+ people packed into the Moscone Center, and there was a ton of energy in the air. I was fortunate enough to have the opportunity to attend and to speak. I presented, “Updating Security Operations for the Cloud,” which is the talk I’ve…

My last few posts have looked at the impact you can expect hybrid and full cloud environments to have on your security practice. I’ve called out incident response, monitoring, and forensics as areas that can benefit from the flexibility provided by cloud environments. But what about the big picture? How do these areas come together…

I’ve written about how monitoring and incident response change in hybrid and full cloud environments as part of this series on operations. This post is going to touch on the changes facing forensics in cloud environments. Define:Forensics Before we dive in, I wanted to highlight that there are two definitions of “forensics” in use today….

Lately, I’ve been looking at our approach to updating security operations to deal with the realities of hybrid and full cloud environments. If you’ve missed the series so far, I’d recommend reading the first and second posts now. This post is going to highlight a few of the challenges that your network security monitoring practice…

In my last post, I highlighted the lack of sharing in the information security community around best practices and discussed the ups and downs of operating security in hybrid and full cloud environments. I wrapped that post up with a call to arms of sorts but also a promise to help kick things off. Incident…

More and more companies are deploying production workloads to the cloud (in all of its definitions), and that’s a very good thing. Unfortunately, this shift has highlighted an area where we–the information security community–are a little weak. That weakness is in sharing best practices and discussing the ups and downs of operating security in hybrid…

Last fall, AWS launched AWS Activate. This program helps make it easier for startups to get up and running on AWS by providing access to resources tailored to their specific needs. We’re always looking for new ways to team up with AWS, and we’re happy to announce that the latest update to the program now…

Cloud adoption is finally becoming mainstream. Over the past few months, the nature of the discussions I’ve been having have shifted from theoretical, to architectural, and now to every operational challenge. This is exciting.